Georgia neighborhood hospital Wayne Memorial Hospital (WMH) is notifying over 160,000 people that their private data was stolen in a Could 2024 data breach.
The incident, the hospital notes within the notification letter to the impacted people, a replica of which was submitted to the Lawyer Normal’s Workplaces in a number of states, was recognized on June 3, 2024, and concerned ransomware.
The hackers had entry to the healthcare group’s community between Could 30 and June 3, 2024, encrypted knowledge on hospital methods, and left a ransom observe.
“Upon discovery of this occasion, WMH instantly disconnected entry to its community and took sure methods offline whereas it labored to soundly and securely restore its community from backups,” the hospital says.
Through the assault, the hospital says, the hackers accessed data equivalent to names, dates of start, Social Safety numbers, driver’s license numbers, state ID numbers, person credentials, bank card numbers, medical health insurance data, prognosis and therapy data, medical historical past, lab outcomes, and prescription particulars.
WMH advised the Maine AGO that 163,440 folks had been affected by the data breach. Whereas the compromised data varies by particular person, the hospital is offering these affected with 12 months of free credit score monitoring and id theft safety providers.
The hospital says it engaged authorized counsel and cybersecurity professionals to safe its community and examine the assault. It additionally carried out network-wide password resets, and carried out extra detection and response capabilities.
“WMH doesn’t have any proof that the unauthorized actor misused anybody’s private data for id theft or fraud in reference to this occasion,” the hospital mentioned, noting that the hackers had been making an attempt to extort WMH.
The healthcare group didn’t title the menace actor liable for the assault. In June 2024 the Monti ransomware group added Wayne Memorial Hospital to its Tor-based leak web site, albeit noting it was the Honesdale, Pennsylvania-based hospital.
Lively since no less than 2022, Monti is understood for exploiting software program vulnerabilities for preliminary entry. To this point, Monti has claimed 16 confirmed assaults, Comparitech says. Nevertheless, the ransomware group seems to have been inactive since Could 2025.
